If you do not know about the personal data you hold, you cannot comply with the GDPR. So, trace the flow of personal data in your company. Bear in mind that the personal data of employees is covered by the GDPR.
Compliance with the GDPR will involve those self-same employees. They will need training in the application of the principles of the GDPR in your organization.
Possibly you are obliged to appoint a Data Protection Officer (DPO). If so, or if you decide you need one even though you are under no obligation to appoint one, there is little point in waiting until May 2018 to do so. The DPO will be needed to help you reach compliance with the GDPR.
As your DPO will tell you quickly, many systems must be devised and implemented to ensure compliance. You will have to ensure that data protection is “baked in” to your systems. In other words, no change can take place without a rational analysis of the data protection implications and a measurement of the risk of any such change. Speaking of change here assumes that your organization is not currently in compliance. It would be an unusual organization if it were already in compliance with the GDPR.
The GDPR requires the writing of a Data Protection Impact Assessment for change. To comply with the GDPR is to change. So, you will need to write your Data Protection Impact Assessment.
The foregoing is a cursory look at what you have to do. Start doing it now. You are possibly going to be late and not in compliance on 25th May 2018, but if you recognize the urgency, you might just make it.
Start. Start now. Do not get diverted or distracted. You need to focus; you will need all the time that remains to do even the few things listed above.